Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec

Web site borne malware captured with reputation filter

IronPort Systems : 20 March, 2008  (New Product)
URLs hosting malware and botsites captured with latest version of web reputation filters from IronPort.
IronPort Systems has announced significant enhancements to IronPort Web Reputation Filters. Even though these filters have already had one of the industry's highest capture rates of Web-based malware, the company is adding URL Outbreak Detection and Botsite Defense - effectively making IronPort Web Reputation Filters one of the most comprehensive Web security offerings available.

These powerful new layers of malware defence are available on the IronPort S-SeriesT family of Web security appliances and through IronPort's SenderBase Network.

Threat analysts at IronPort and Cisco have observed that the Web is increasingly becoming the preferred method of malware distribution. As a result, corporations face even more sophisticated malware threats from a variety of entry points and coordinated cross-protocol attacks.

Threat writers are constantly looking for new ways to increase their success rate, and distributing malware through legitimate websites is an effective way to do so. A recent example of these dynamic attacks occurred in early March, when hundreds of legitimate sites were being used as a redirection hub to malware-producing bots. IronPort's Web Reputation Filters recognise where the redirection is going and can stop the request before any malware enters the network. Simple URL filtering alone does not detect threats targeted at legitimate sites, but IronPort Web Reputation Filters with Botsite Defense and URL Outbreak Detection can identify compromised sites and prevent customers from connecting to them.

There are over 10 billion active webpages. According to industry estimates between 2 percent and 10 percent of websites are malicious; a staggering amount of exposure for today's businesses. The malware and spyware delivered by these sites can result in a loss of confidential information, system and network downtime, reduced employee productivity and higher customer support costs.
Reputation filtering systems, like IronPort Web Reputation Filters with URL Outbreak Detection and Botsite Defense, can help protect against infected sites as well as rapidly-mutating malware.

One of the fastest vectors of Web-based threats are compromised hosts (known as botsites) that follow instructions from a command-and-control network (known as botnets).

Spreading via recruiting email and spam, malicious botsites self-propagate through their own established peer-to-peer networks. The botnets coordinate with each other to create spam with infected landing pages; the botnet/botsite system represents an intelligent malware distribution platform that is reusable and self-defending. Industry estimates point to at least 7 percent of the computers connected to the Internet (75 to 100 million machines) being part of some botnet/botsite system.

'The intelligence of these botnets is astounding,' said Tom Gillis, vice president of marketing for IronPort Systems. 'A single Botnet can produce thousands of malware-laden botsites, that are active for anywhere from a few minutes to a few hours. The only effective defence is a Web reputation service that can detect the underlying deception and filter the sites out proactively.'

Along with an increase in malicious botsites, IronPort's Threat Operations Centre has observed a significant increase in URLs hosting new malware for which no signatures are available. These URL outbreaks have surged 300 percent over the past 12 months, and enterprises have had no effective solutions.

Today's URL-based threats come primarily from botsites that serve as malware distribution hubs, spam URLs, insecure Web 2.0 sites and malicious ad-distribution networks. As threats become multi-protocol in nature, IronPort helps secure the enterprise network to enable businesses to operate at high efficiency while mitigating the worry of lost productivity and resources.

'Growing volumes of botsites and the corresponding delivery of new uncategorised malware is a huge problem,' said Tim Sommers, senior enterprise security engineer at Aurora Healthcare. 'With the latest release of IronPort Web Reputation Filters, we now have a solution that helps to protect against such threats, before signatures are available.'

Existing solutions that rely on traditional URL filtering have not been effective because most rely on manual classification techniques. The infected sites hide behind a variety of benign categories (including finance, entertainment and news), thereby rendering traditional classification-based URL filtering ineffective as a defense.

IronPort's URL Outbreak Detection is designed to identify and defend against URLs that have no reputation or signature - typically hosted on a botsite and controlled by a botnet.

The IronPort SenderBase Network has the one of the largest email and Web-traffic footprints in the industry, allowing IronPort to detect and block these new URL outbreaks rapidly. Real-time analysis of global Web traffic allows analysts in the IronPort Threat Operations Centre to proactively publish reputation scores for such URLs prior to signatures being available from anti-malware vendors.

These latest enhancements include security modeling techniques that provide dynamic protection against threats that target legitimate websites as well as 'always on' detection, which tracks the infrastructure behind malware attacks, then adjusts to rapidly block them.

The latest release of IronPort Web Reputation Filters is available now on the IronPort S-Series family of Web security appliances.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo